DETAILED ACTION

1. The Examiner would like to note that the present application has been
reassigned to a new Examiner. 

Response to Arguments 

2. Applicant's arguments filed 7/19/06 have been fully considered but they are not 
persuasive. 

3. Applicant has presented substantially identical arguments to those presented in 
the remarks filed 12/23/2005. To the extent that the arguments are the same as those 
previously presented, they have been reconsidered but remain unpersuasive for at least 
the reasons set forth in the Office action of 4/21/2006. The newly presented arguments 
are addressed below. 

4. With regard to Applicant's assertion that "Nothing is mentioned to suggest the 
Ericson system, even if implemented using the Fibre Channel protocol, would be used 
in an untrusted environment" and that "Ericson's entire description is in the context of a 
trusted environment" (Pages 14-15 of Remarks), the Examiner respectfully disagrees. 

Ericson fails to specify whether the described methods occur in a "trusted 
environment", and certainly does not disclose that they must be performed in such an 
environment. In fact, the disclosure does not even contain the words "trust" or "trusted 
environment". The mere fact that the environment of a single disclosed embodiment 
(SCSI environment) is known to be "trusted and secure" simply does not necessitate or
even recommend that the methods be performed only in a "trusted" environment. 

As discussed previously, Ericson clearly discloses that other known protocols 
may be used to implement the invention, specifically Fibre Channel (at least Col 6, 
Lines 1-6). Boggs teaches that Fibre Channel is considered to be preferable to parallel 
bus SCSI (At least Col 2, Lines 63-67), providing motivation to use the Fibre Channel 
embodiment suggested by Ericson. As acknowledged by Applicant, it is known that 
Fibre Channel environments are not always trusted (Page 11, Lines 17-20).

One of ordinary skill in the art, when presented with the disclosures of Ericson 
and Boggs, and aware of the known security issues present in a Fibre Channel 
environment, would have been motivated to seek out solutions to them. When made 
aware of the teaching of Yu, they would have been motivated to use an authentication
mechanism such as the one taught by Yu to verify that a requesting device is authorized 
to access a resource and is not being spoofed. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-4, 9-27, 29-32 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Ericson US patent 6,061,753 and further in view of Boggs et al. 
US patent 5,959,994 and Yu US patent 4,919,545. 

7. As per claim 1 1 Ericson teaches a data management method for managing 
access to a storage system between two devices coupled to the storage system through 
a network [col.1 "SCSI Fibre Channel bus or Ethernet based local area network"], the 
method comprising: 

Receiving over the network at the storage system a request from one of the
devices [initiator - see col. 3 lines 56-60];

Selectively servicing, at the storage system, the request responsive to 
configuration data indicating that the device [initiator] is authorized to access the portion 
of data [col. 4 lines 4-25]. 

Ericson does not teach authenticating the request at the storage system to 
authenticate the device issuing the request. Yu teaches a security method for authorizing 
access by a process in source node to a resource in the network comprising encrypting an 
identifier of the requesting node using a key associated with the node, sending the 
encrypted key to the resource, decrypting the identifier at the resource node to verify the 
request [see abstract]. 

It is well known in the art at the time of the invention that SCSI peripherals may 
be distributed over wide area network using ATM and Fibre Channel. (See Boggs et al. 
US patent 5,959,994 col. 2 lines 63-68, col. 10 lines 8-22). Ericson specifically discloses 
that his invention is applicable to Fibre Channel protocols (col. 6 lines 1-6). Hence, it
would have been obvious for one of ordinary skill in the art to combine Boggs and 
Ericson because it would have enabled distributed access control to peripherals over 
wide area network. 

Yu discloses that a distributed network is vulnerable to identity spoofing (col.4 lines
56-65). Yu specifically discloses that security based on access control only is
inadequate (col.1 lines 60-63, col.2 lines 7-10). Hence, given the teaching of Yu, one
of ordinary skill in the art would have been motivated to use both the access control
security of Ericson together with authentication security of Yu to form an enhanced
security system to prevent both types of security breaches: unauthorized access and
identification theft.

Therefore, it would have been obvious for one of ordinary skill in the art to combine 
the teaching of Yu with the storage system of Ericson as modified to authenticate that the 
represented device is the device making the request because it would have prevented 
access by a device masquerading as an authorized device (see Yu col. 3 line 29-35).

8. As per claim 2, Ericson teaches the storage system stores a plurality of volumes 
of data where configuration data stored in the storage system in a configuration table 
[look-up table] having identifier and information indicating which volumes are available 
to a device [col.4 lines 34-54]. 

9. As per claim 3, it is apparent from Ericson as modified that the request would be
forwarded to the storage system over the network. 

10. As per claim 4, Ericson teaches using Fibre Channel [col.1 line 15, col. 6 line 5]. 
It is apparent that a system with Fibre Channel would use Fibre Channel protocol. 

11. As per claims 15-18, 21-22, 26-27, they are rejected under similar rationales as
for claims 1-4 above. It is apparent that the process as modified would have computer
program instruction stored on computer readable medium and the corresponding 
system for carrying out the method recited. 

12. As per claims 11 and 30, Ericson teaches plural disk drives [RAID col. 4 lines 5-15].

13. As per claims 12 and 29, Yu teaches validating that the request was not altered 
during transmit (col. 3 lines 29-35). 

14. As per claims 13 and 19-20, 24-25, Ericson teaches row with bitmap records
corresponding to each device authorized to access each of the corresponding ports
[col.4 lines 40-53]. 

15. As per claims 14 and 23, Ericson teaches precluding service request responsive
to configuration data [col.4 lines 47-50]. As per claims 9, 10, 31, 32, Ericson does not 
specifically disclose that the device is a host processor or file server. The type of device 
making the request would clearly have been a matter of design choice because it does not 
change the functionality of the storage system access control method taught by Ericson. 
Furthermore, Ericson teaches that the system may be used over a local area network
[col.1 lines 15-16]. Official notice is taken that the usage of host processor and file server
in a LAN or WAN is ubiquitous at the time of the invention. Hence, it would have been
obvious to have a host processor and file server requesting access to the storage system in Ericson
as modified in order to provide file services to requesting clients.

16. Claims 33, 6-8, and 34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ericson, Boggs, and Yu, and further in view of Abadi et al. US 
patent 5,315,657. 

17. As per claim 33, Yu teaches the request include a request access key (capability + 
signature 44), and verify with an expected key at the storage system (resource node) [see 
col. 6 line 50 to col. 7 line 44]. Yu does not teach sending an expected access key 
between the storage system and the requesting device. Yu teaches the resource node 
maintains a unique encryption key for each requesting node [col.7 lines 12-15, lines 50-56].
Yu does not specifically disclose how the resource node comes to possession of
these unique keys. However, the method of providing encryption information to a 
destination node so that the destination node can encrypt data specifically targeted for the
providing node is well known in the art. Abadi discloses using RSA cryptography to 
authenticate the identity of a requesting node by providing a public key to the destination 
and the destination returning to the requesting node data (i.e. the claimed expected 
access key) encrypted using that public key such that it can only be decrypted with the 
requesting node's private key. [See Abadi col.4 lines 50-68, col.5 lines 1 to col.6 line 8]. 
RSA cryptography is a well-known secured encryption standard and code for
implementing the encryption is readily available. Hence, it would have been obvious for 
one of ordinary skill in the art to modify Ericson and Yu to use RSA cryptography because 
it would have eased implementation of the encryption features and to ensure difficulty for 
unauthorized device to gain access via theft of the access key. 

18. As per claim 6, Yu teaches verifying the identified source by comparing the 
requested key to the expected key (col.3 lines 20-28). 

19. As per claim 7, Yu clearly teaches encrypting using key associated with the 
device [col. 7 lines 14-15]. 

20. As per claim 8, it is apparent that the system as modified would decrypt the 
access key using a decryption key provided initially by the device (the public key).

21. As per claim 34, Abadi teaches transferring of encryption information between
the storage system and the device (the exchange of public key information [see Abadi 
col. 4 lines 50-68, col. 5 lines 1 to col.6 line 8]). 

Conclusion 

22. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

23. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aaron Strange whose telephone number is 571-272-3959.
The examiner can normally be reached on M-F 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glen Burgess can be reached on 571-272-3949. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

10/9/09




